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(57) Abstract 

An apparatus for authenticating a subscriber at reg- 
istration is provided for use in a mobile communications 
system having at least a switching center communicati- 
ble with at least one equipment registry and at least two 
subscriber registries, wherein, for each system subscriber, 
data associated with that subscriber is stored at a unique 
address in one of the subscriber registries. The apparatus 
includes switching apparatus for requesting and receiving 
an equipment identity number from a mobile communica- 
tions device attempting to use the communications system, 
an equipment registry storing, for each mobile communica- 
tions device posted with the system, the equipment identity 
number and the unique address in the subscriber registries 
of the data associated with that equipment identity num- 
ber, apparatus for transmitting a received equipment iden- 
tity number from the switching apparatus to the equipment 
registry, apparatus for retrieving a unique address associ- 
ated with the transmitted equipment identity number and 
transmitting the unique address to the switching apparatus, 
apparatus for communicating directly with the unique ad- 
dress in the subscriber registries to retrieve data therefrom 
to the switching apparatus, and apparatus for determining 
whether to authorize use of the system by the mobile com- 
munications device attempting to use the communications 
system based on the retrieved data. 
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SYSTEM AND METHOD FOR AUTHENTICATING 
A CELLULAR SUBSCRIBER AT REGISTRATION 

FIELD OF THE INVENTION 

jhe present invention is directed toward a system and method of 
authenticating a cellular subscriber at registration and, more particularly, toward 
a system and method of authenticating a cellular subscriber at registration 
wherein the subscriber's HLR (Home Location Register) address is determined 
without having to analyze the unique IMSI (International Mobile Subscriber 
Identity) number associated with that particular subscriber. 

BACKGROUND OF THE INVENTION 

When a Public Land-Mobile Network (PLMN) requires multiple Home 
Location Registers (HLRs), either for capacity reasons or for geographical distri- 
bution of databases nearer the normal serving Mobile Switching Centers (MSCs) 
for those subscribers, the addressing is complicated by the fact that both the 
International Mobile Subscriber Identity (IMSI) number and the Mobile Services 
International Subscriber Directory Number (MSISDN) must be routable numbers 
pointing to the same HLR. This is handled in traditional Global Systems for 
Mobile Communications (GSM) networks by assigning a particular IMSI value 
after the MSISDN is chosen. 

However, in the U.S., the IMSIs are pre-assigned, i.e., already in 
the SIM (Subscriber Identification Moduie) chip internal to the cell phone at 
purchase, and thus the operator has no control over which IMSI a particular 
subscriber will get. This is a different situation than was envisioned by the 
original GSM designers when the standards were developed. This problem has 
been addressed by mapping the MSISDN to the IMSI in the MSCs to allow both 
numbers to point to the same HLR regardless of the MSISDN value. The rela- 
tionship between the MSISDN and the IMSI then becomes random, associated 
only by table data. Subscriptions, however, must still be located in the HLRs 
based on the IMSI number series. 
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If the operator does not care which HLR the subscribers are in, e.g., 
proximity of location does not matter either in length of signalling path or in 
grouping particular MSISDN series in a particular HLR versus all MSISDN series 
appearing in all HLRs, then this method is sufficient. However, it still results in 
overhead for the operator to assure that the IMSI series are manufactured and 
distributed in a coherent manner. 

If the operator does care how subscriptions are distributed among 
HLRs, then it is not sufficient to just map the MSISDN to the IMSI. In this 
situation, the entire IMSI will need to be analyzed to determine which HLR a 
subscriber is in, since subscribers will not be located in particular HLRs based on 
IMSI number series, but rather particular IMSI numbers. This has resulted in the 
addition of what are conventionally called enhanced STP (Signal Transferring 
Point) nodes to traditional GSM systems. The enhanced STP node is basically 
a conventional STP node modified or enhanced to be capable of analyzing the 
entire 15-digit IMSI number and/or the entire 10-digit MSISDN number. This 
enhanced STP node was not necessary when subscribers were assigned to HLRs 
based on the IMSI number series, as only the first six or seven digits of an IMSI 
number needed to be analyzed in order to determine which particular HLR a 
subscriber was in, and conventional STP nodes were capable of such analyza- 
tion. In order for the current systems to operatively function, all signalling 
traffic to the HLRs must be routed through these enhanced STP nodes, causing 
problems in delay, backlog, and possibly system shutdown should one of these 
nodes fail. 

The present invention is directed towards overcoming one or more 
of the above-mentioned problems. 

SUMMARY OF THE INVENTION 

In one aspect of the present invention, a method of authenticating 
a subscriber at registration is provided for use in a mobile communications 
system including at least a switching center communicatible with at least one 
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equipment registry and at least two subscriber registries, wherein, for each 
system subscriber, data associated with that subscriber is stored at a unique 
address in one of the subscriber registries. The method includes the steps of 
receiving an equipment identity number at the switching center, the equipment 
identity number being unique to a particular mobile communications device used 
by the subscriber, transmitting the equipment identity number to the equipment 
registry, checking operability status of the particular mobile communications 
device, transmitting, from the equipment registry to the switching center, the 
device operability status together with the unique address of data associated 
with the subscriber authorized to use the particular mobile communications 
device, retrieving data from the unique address, and authenticating the sub- 
scriber based upon the retrieved data. 

In one form, the mobile communications device includes a cellular 

telephone. 

In another form, the equipment identity number includes an Interna- 
tional Mobile Equipment Identity number unique to each mobile communications 
device. 

In another form, each subscriber registry includes a Home Location 

Register. 

In another form, the equipment registry transmits to the switching 
center, along with the unique address of data associated with the subscriber 
authorized to use the particular mobile communications device, the unique 
address in an authentication center allocated to that subscriber, wherein the 
authentication center is communicatible with the subscriber registries to provide 
data associated with the system subscribers thereto. 

In another form, the unique authentication center address transmit- 
ted by the equipment registry includes an authentication center identifier and a 
subscriber identity number corresponding to the unique address in the identified 
authentication center. 
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In another form, the unique subscriber address transmitted by the 
equipment registry includes a subscriber registry identifier and a subscriber 
identity number corresponding to the unique address in the identified subscriber 
registry. 

In another form, the subscriber identity number includes an Interna- 
tional Mobile Subscriber Identity number unique to each subscriber. 

In another form, the switching center includes a Mobile Switching 
Center having an associated Visitor Location Register. 

In another form, the equipment registry includes an Equipment 
Identity Register. 

In another aspect of the present invention, an apparatus for authen- 
ticating a subscriber at registration is provided for use in a mobile communica- 
tions system having at least a switching C3nter communicatible with at least one 
equipment registry and at least two subscriber registries, wherein, for each 
system subscriber, data associated with that subscriber is stored at a unique 
address and one of the subscriber registries. The apparatus includes switching 
apparatus for requesting and receiving an equipment identity number from a 
mobile communications device attempting to use the communications system, 
an equipment registry storing, for each mobile communications device posted 
with the system, the equipment identity number and the unique address in the 
subscriber registries of the data associated with that equipment identity number, 
apparatus for transmitting a received equipment identity number from the 
switching apparatus to the equipment registry, apparatus for retrieving a unique 
address associated with the transmitted equipment identity number and trans- 
mitting the unique address to the switching apparatus, apparatus for communi- 
cating directly with the unique address in the subscriber registries to retrieve 
data therefrom to the switching apparatus, and apparatus for determining 
whether to authorize use of the system by the mobile communications device 
attempting to use the communications system based on the retrieved data. 
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In one form, the equipment registry also stores, for each mobile 
communications device posted with the system, operability status data associ- 
ated with the equipment identity number. The retrieving apparatus also retrieves 
the operability status data associated with the transmitted equipment identity 
number, and, the determining apparatus also determines whether to authorize 
use of the system based on the retrieved operability status data. 

In another form, the equipment registry also stores, for each mobile 
communications device posted with the system, a unique address in an authenti- 
cation center allocated to the subscriber. The retrieving apparatus also retrieves 
the unique address in the authentication center, wherein the authentication 
center is communicatible with the subscriber registries to provide data associ- 
ated with system subscribers thereto. 

It is an object of the present invention to provide a system and 
method for authenticating a cellular subscriber while minimizing signalling costs. 

It is a further object of the present invention to provide a system 
and method for authenticating a ceilular subscriber while eliminating problems in 
delay, backlog, and system shutdown due to conventional STP nodes. 

It a further object of the present invention to provide a system and 
method for authenticating a cellular subscriber while maximizing speed and 
reliability of the system and at the same time simplifying maintenance. 

It is yet a further object of the present invention to provide a sys- 
tem and method for authenticating 3 cellular subscriber providing the advantages 
identified above utilizing present systems without requiring costly and prohibitive 
modifications to the many current systems in place. 

Other aspects, objects and advantages of the present invention can 
be obtained from a study of the application, the drawings, and the appended 
claims. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 illustrates the major components of a fixed network support- 
ing a cellular radio system; 

Fig. 2 is a flow diagram illustrating a prior art method of establish- 
ing communication via the fixed network; 

Fig. 3 is a flow diagram illustrating a prior art method of performing 
an equipment check via fixed network; 

Fig. 4 is a block diagram of the major components of a prior art 
fixed network; and 

Fig. 5a-5b are a flow diagram illustrating the authentication and 
equipment check method according to tne present invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Fig. 1 illustrates the major components of a fixed network support- 
ing a cellular radio system, shown generally at 10. For clarity, speech communi- 
cation between components is indicated with a double line, while signalling 
communication between components is indicated with a single line. The fixed 
network 10 includes a Base Station Subsystem (BSS), shown generally at 12, 
which includes a Base Station Controller (BSC) 14 and several Base Transceiver 
Subsystems (BTS) 16, with each group l 8 of BTSs 16 associated with a partic- 
ular BSC 14. Each BTS 1 6 provides a radio cell of one or more channels, with 
at least one of its radio channels assigned to carry control signals in addition to 
traffic. The BSC 14 is responsible for the management of the radio resource 
within a region. The BSCs' main functions are to allocate and control traffic 
channels, control frequency hopping, jndertake handovers (except to cells 
outside its region), and provide radio performance measurements. Once a 
Mobile Subscriber (MS) 20, which may include a cellular phone or any other type 
of mobile communications device, has accessed and synchronized with a BTS 
16, the BSC 14 will allocate to it a dedicated bidirectional signalling channel and 
will set up a route to a Mobile Switching Center (MSC) 22. 
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The MSC 22 routes traffic and signalling within the network 10 and 
interworks with other networks. It generally includes a trunk Integrated Services 
Digital Network (ISDN) exchange wim additional functionality and interfaces to 
support the mobile application. Every MSC 22 has an associated, or co-located, 
Visitor Location Register (VLR) 24. The VLR 24 is a register associated with the 
MSC 22 and used by the MSC 22 to obtain and store information needed to 
handle a call. While the MSC 22 and the VLR 24 were initially standardized in 
Global Systems For Mobile Communications (GSM) as separate nodes, nearly 
every manufacturer has essentially merged these nodes and has implemented 
them as a combined unit. Accordingly, hereafter the combination will be re- 
ferred to as an MSC/VLR 26. 

The fixed network 10 also includes an Equipment Identity Register 
(EIR) 28, a Home Location Register (HLR) 30, and an Authentication Center 
(AUC) 32. While not specifically shown in Fig. 1, the fixed network 10 will 
generally include a plurality of HLRs 30 ^nd AUCs 32, although not necessarily 
in equal numbers. Each MSC 22 direccly communicates with the EIR 28 and 
every HLR 30 in the network 1 0. The EIR 28 f HLR 30, and AUC 32 are gener- 
ally utilized for equipment check and authentication operations, which will be 
described hereafter. The fixed network 10 conventionally communicates with 
a standard Public Switched Telephone Network (PSTN) 34 under the control of 
an Operations Center 36, which monitors the communication and administers 
changes in the data tables controlling communication with the PSTN 34, but 
does not directly control the communication. 

Every cell phone 20 which is sold has associated with it an Interna- 
tional Mobile Subscriber Identity (IMS!) number and an International Mobile 
Equipment Identity (IME!) number. The IMSI is generally a unique 15-digit 
subscriber identity number included within the SIM (Subscriber Identity Module) 
chip internal to the cell phone 20 identifying the individual who purchased the 
cell phone 20. In GSM-type phones, the SIM chip is removable. The IMEI is a 
unique 15-digit or more equipment identity number associated with a particular 
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cell phone 20 unit. The IMEI is not the serial number that is stamped on the 
equipment, but is rather similar to an internal serial number implemented to 
prevent the use of stolen equipment. The present invention has particular 
applicability for use with cellular phones naving detachable SIM chips, which 
currently include the GSM-type PCS (Public Communication System) telephones. 
However, it should be noted that while tne Mobile Subscriber 20 is herein gener- 
ally described with reference to a ceil pnone, and the method detailed herein is 
specific to GSM-type networks, the present invention also contemplates use 
with other digital PCS standards having separate subscriber identities and equip- 
ment identities, both stored in the phone or other mobile communication de- 
vices. 

Fig. 2 is a flow diagram illustrating a prior art method of establish- 
ing communication, i.e., making a call, via the fixed network 10. Assume a 
plurality of cell phones 20 are delivered to stores for sale to end consumers/sub- 
scribers. Each of the cell phones 20 includes an SIM chip which contains a 
unique IMSI number. Generally, the last 4-6 digits of the IMSI number identify 
the series or group of phones. For instance, if ten thousand phones are deliv- 
ered, the last four digits of the IMSI number may range from 0000-9999. 
Generally, the first six digits of the IMS! number identify the service provider. 

When a group of new ceil phones 20 are delivered for sale, an 
Administration Center 38 within the network 10 is notified and delivered the 
corresponding IMSI numbers associated with the phones 20. The Administra- 
tion Center 38 first conventionally creates, at 40, a subscription with just the 
IMSI number. The Administration Center 38 then conventionally creates, at 42, 
a subscription in the HLR 30 with tne IMSI number plus the Mobile Services 
International Subscriber Directory Number (MSISDN). The MSISDN is essentially 
the 1 0-digtt phone number allocated to a particular user/subscriber. It should be 
noted that these subscriptions are set up prior to a subscriber ever purchasing 
the cell phone 20 and being assignee a ohone number. Accordingly, the original 
subscription in the HLR 30 is set up vitn a "dummy" MSISDN in order to allow 
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a first call to go through. However, ihis is conventional in the art and a detailed 
description is not necessary. 

After the subscription is created in the HLR 30, the HLR 30, at 44, 
conventionally fetches a plurality of triplets from the AUG 22. The HLR 30 may 
fetch one or more sets of triplets from the AUC 22, depending on how many the 
HLR 30 is set up to accept. When more than one set of triplets are fetched, the 
additional triplets may be stored and subsequently used so that the HLR 30 need 
not communicate with the AUC 22 every time triplets are needed for authentica- 
tion purposes. However, more than one set of triplets do not need to be fetched 
as communication with the AUC 22 can be done each time authentication is 
required. 

A triplet is a set of three data items which are generated by the 
AUC 22 only at the request of the HLR 30. Triplets are generated specifically 
for a given IMSI number, and may oniy be used successfully for that IMSI num- 
ber. Each triplet consists of the following data items: 

1 ) RAND - a 1 28-bit random number generated by the AUC 22 every 
time it produces triplets: 

2) SRES - a 32-bit Signec Response generated by the specified ver- 
sion of the A3 or A33 aigorithms using RAND and the Subscriber 
Key (Ki); and 

3) Kc - a 64-bit Cipher Key generated by the specified version of the 
A8 or A3S algorithms using RAND and the Subscriber Key (Ki). 

The subscriber Key (Ki) is unique ro each subscriber and is installed in the SIM 
chip in the cell phone 20 and also stored at the subscriber's address in the AUC 
32. The Subscriber Key (Ki) is utilized by both the ceil phone 20 and the 
MSC/VLR 26 to generate respective Signed Responses (SRES) and Cipher Keys 
(Kc). Since the Subscriber Key (Ki) is stored at both locations, it need not be 
transmitted over the air. It is important for the security of the network that the 
Subscriber Key (Ki) remain secret and not be transmitted over the air. 
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It should be further understood that in each triplet, A3 refers to the 
version number of the algorithm usee to generate the Signed Response (SRES); 
A8 refers to the version number of ;ne algorithm used to generate the Voice 
Channel Cipher Key (Kc); and A38 reiers to the version number of a combined 
A3 and A8 algorithm. Further it shouid stso be understood that along with the 
Subscriber Key (Ki), the A3, A8 and A38 algorithms are also provided in the SIM 
chip of the associated cell phone 20 

After completion of the above-identified steps 40, 42, and 44, 
commonly referred to as the original setup, the fixed network 10 is ready for a 
user/subscriber to place a call. Upon initiating a call, the MS 20 registers, at 46, 
with the MSC/VLR 26 using either a femoorary Mobile Subscriber Identity 
(TMSI) or an IMSI. The TMSI is essentially a random number assigned by the 
network 10 to identify a particular subscriber. After a subscriber has registered 
and authenticated, on subsequent c:-;iis. rather than continuing to register with 
the IMSI, the network 10 assigns a "MSI, which is an arbitrarily assigned 
number used by the network 10 and MS 20 until another TMSI is assigned by 
the network 10, or the network 1 0 -urges the TMSI from the system for non- 
use or some other reason. This aids \w preventing theft of the subscriber's IMSI 
number by minimizing transmission rr tne iMSI number over the air. 

The MSC/VLR 26 penoa^aiiy purges TMSI numbers that have not 
been in use for an extended period of time. Thus, if the MS 20 attempts to 
register with a TMSI that has been purged from the system, the MSC/VLR 26, 
upon receiving a no longer valid TMS.. v\ill send back an IDENTITY REQUEST at 
48, requesting the Mobile Subscriber 20 to forward its IMSI number. The 
MSC/VLR 26 analyzes the IMSI to Jei .v nine the subscriber's HLR address, i.e., 
the particular HLR in which the si :nz :;rotion for the subscriber is located, and 
then transmits the IMSI to the HLR tc essentially "look-up" the subscriber's 
address and fetch a triplet from tne HLR 30, at 50. As shown at 52, if 
necessary, the HLR 30 fetches mere triplets from the AUC 22, and forwards a 
triplet to the MSC/VLR 26 at 54. Fetching triplets at 42 may be necessitated by 
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the fact that the HLR 30 had not previously stored triplets for use or had simply 
run out of stored triplets, since e?.cr rime 3 subscriber is authenticated, one of 
the sets of triplets is removed f ron :ne HLR 30 for authentication purposes. 

Upon receiving the cr ::e trie MSC/VLR 26, at 56, sends the 
random number (RAND) to the MS 10. The MS 20, at 58, generates, in its SIM 
chip, a Signed Response (5RES) rem The random number (RAND), and sends 
the generated SRES back to the MSC/VLR 26. The MSC/VLR 26 then compares 
the SRES sent from the MS 20 with the SRES already stored as part of the 
triplet, and only if they are equal wiii the MS 20 be authenticated so the 
MSC/VLR 26 will allow the call tc go through. 

Assuming the MSC/VLR 25 verifies the authentication of the MS 
20, i.e., allows a call to go through, he MSC/VLR 26, at 60, transmits the 
Cipher Key (Kc), already stored as psrt of the triplet, to the BTS 16. This Cipher 
Key (Kc) is also, at 62, internally generated in the SIM chip in the MS 20 from 
the RAND required from the MSC/VLR 25 and the stored Subscriber Key (Ki) and 
A8/A38 algorithms for speech cipnennc. Thus, the cipher Key (Kc) need not be 
transmitted over the air, further ad dir. g cc the security features. Since the 
Cipher Key (Kc) is now located at b h ;ncs of the air interface, i.e., at the MS 
20 and the BTS 1 6, ciphering mav row rake place between the MS 20 and BTS 
16 to provide security for over tne air Transmissions between the MS 20 and 
BTS 16. 

Once authentication is sompiete, an equipment check is done as 
shown in the flow diagram of Fig. 3. It snould be noted that an equipment 
check does not necessarily have to oe done every time a subscriber registers, 
but may be preset to initiate every third fifth, etc., time the subscriber registers. 

The MSC/VLR 26, ai e->, ransmits an IDENTITY REQUEST to the 
MS 20 requesting its IMEI numoe The MS 20, at 66, transmits its IMEI 
number to the MSC/VLR 25, which ■ now encrypted since ciphering has begun. 
The MSC/VLR 26, at 68, transmits the IMEI to the EIR 28 and requests an 
EQUIPMENT CHECK. The EIR 23 hen checks its black, gray, and white lists 
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and informs, at 70, the MSC/VLR 2€ of che list in which the IMEI was found, or 
that the IMEI is unknown. The dIcck ist is essentially a list of all phones or 
handsets that are invalid for scnrv; r ason, e.g., stolen. The gray list is 
essentially a list of all phones or handsets having some particular problem, but 
they are not necessarily listed a-s b d or invalid phone. The white list is 
essentially a list of all phones thai ; ra r- pecirically approved for use within the 
network 10. However, if a phone i: s not included in the white list, it is 
considered unknown and it gets rcated the same as a phone included in the 
white list. Thus, particular phones i~at are good do not need to be listed; only 
the phones that are bad or invalid n:j*ad to oe listed. 

The MSC/VLR 26, at 7 2, ;hen accepts/rejects or allows/disallows 
the call based on the EIR 28 response and/or MSC/VLR 26 parameters (for 
example, if the particular phone had been reported as stolen, i.e., black listed, or 
if the subscriber is attempting to utilize a particular feature not included in the 
subscription, the MSC/VLR 26 will reject/disallow the call). 

It is important to recognize that in the above-described method, 
communication between the various : onponents does not occur directly. More 
specifically, as shown in Fiy. 4, ccn muVication between the MSC/VLR 26, the 
HLR 30, the AUC 22, and th ; TiR 23 are routed through STP (Signal 
Transferring Point) nodes 74. If -:>c :n he liVISI and the MS1SDN numbers are 
randomly chosen, the network 1C i thon forced to analyze the entire 15-digit 
IMSI and/or 10-digit MSISDN to dctrr nhs the subscriber's HLR address. Since 
conventional STP nodes 74 were designed to perform only 6 or 7-digit 
analyzation, one or more of these 3"TP nodes 74 must be enhanced to do 10 or 
15-digit analyzation. 

While it is possible :r network operators to distribute HLR 
subscriptions based on the IMS; r.umoer series, and thus do not have the 
problem of analyzing the entire 1 5-didt MSI number, such operators are unable 
to optimally locate the HLR subscriprior.s. 
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While it is theoretical:/ : ;os sibte xc have the entire network do the 
complete analysis, it is extremeiy impractical due to the requirements of 
synchronizing and storing the rouring data in all nodes; accordingly, the 
enhanced STP nodes have been p ovidea to do this translation. Thus, all 
signalling traffic within the network must be routed through these enhanced STP 
nodes to ensure network operability. This not only adds additional steps in the 
authentication process, but also may cause problems such as backlog, delay, 
disconnections, etc., in high traffic networks, and may run the potential of 
system shutdown should one or norn of these enhanced STP nodes fail. 
Further, these enhanced STP node ; require greater monitoring and maintenance 
than the conventional STP nodes, a d oust have identical data {i.e., the HLR 
address for all the subscribers in -rh* : network) since each enhanced STP node 
may be called upon to communicate with each HLR within the network. 

The present invention does away with the additional requirements 
of the enhanced STP nodes and essentially combines the authentication process 
with the equipment check. The .resent invention has particular utility at the 
registration of the mobile subscriber 10 \Le., when the phone is first turned on). 

Figs. 5a-5b are a flow Jiagram illustrating the present invention. 
The original setup ir essentially the same as the original setup 
previously described with respect to ig. 2, except that the administration center 
38, at 76, now creates an entry In he E!R 28 for each individual phone using 
the IMEI number. Each entry inciuJes the :MSi number associated with that 
particular phone (IMEI), and the ccrre^pcnaincj HLR and AUC addresses, i.e., the 
particular HLR or AUC in which the subscriber's subscription is located. It 
should be noted that in a system h jv g -=ignt or iess combined HLR/AUCs, three 
additional binary bits is ail that s needed to distinguish between the eight 
different locations. Similarly, four binary bits would distinguish sixteen different 
locations, etc. However, the size o* the data field is not a primary concern, as 
the entry could contain an actual acdress or an index to the actual address. 
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Upon initiation of a cali. the Mobile Subscriber 20, at 46, registers 
with the MSC/VLR 26 using a TM3I or an ilViSi number as previously described. 
If the received TMSI or IMSI nurnLer s not recognized at the MSC/VLR 26 {e.g., 
the TMSI or IMSI number was purges, cr it couid be a new subscription with the 
very first registration), the MSC/VLR 25, at 73, sends an IDENTITY REQUEST 
to the MS 20 requesting the IMEI and the MS 20, at 80, responds to the 
IDENTITY REQUEST by transmitting the IMEI to the MSC/VLR 26. 

Upon receiving the :MEI, the MSC/VLR 26, at 82, transmits the 
IMEI directly to the EIR 28 and requests an EQUIPMENT CHECK. The EIR 28, 
at 84, checks the black, gray, ^rd white lists as previously described and 
informs the MSC/VLR 26 of the i s: in which the IMEI was found. The EIR 28 
also, at 84, returns the IMSI number, the HLR address, and the AUC address to 
be maintained at the MSC/VLR 2C unless or untii thereafter purged according to 
normal MSC/VLR 26 protocol. 

The MSC/VLR 26, at 8 5, then transmits the IMSI to the appropriate 
HLR 30 determined from the HLR k dress and fetches a triplet from the HLR 30 
(Fig. 5b) and passes the AUC adcrei s received from the EIR 28 to the HLR 30. 
More particularly, the HLR 30 receives the IMSI and determines the subscriber's 
address from a look-up rable or , iher conventional means. As previously 
described, if necessary, at 52, the HLR 30 fetches more triplets from the AUC 
22 using the AUC address and -ha i vISI. The HLR 30 transmits, at 54, a triplet 
to the MSC/VLR 26 as previously c escribed, end the rest of the authentication 
procedure, namely, steps 56, 5E, ,0, and 62, occurs as previously described 
with respect to Fig. 2. 

With the present invention, the dependency of the HLR address and 
the AUC address on the IMSI number series is broken, and it is possible to map 
the subscriptions in the AUC direotl v to the HLR. Since the HLR address is not 
dependent on the IMSI number series, an HLR locally situated with respect to a 
subscriber could always be cho en to store that particular subscriber's 
subscription. Further, the proposed approach alleviates the requirement of 
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additional STP nodes, which are 'e^uired to translate the entire 15-digit IMSI 
and 10-digit MSISDN numoers wiien the HLR chosen to store the subscription 
is based (as preferred) on location rcrher than the IMSI number. 

The present nventicn may be implemented in present systems 
without requiring costly and prohibitive modifications to the many current 
systems in existence. implementation of the present invention reduces 
signalling costs and simplifies maintenance of the system (by at least removing 
the additional enhanced STP nod as while &t the same time maximizing speed 
and reliability of the system. Problems such as delay, backlog and system 
shutdown, previously experienced a result of the additional STP nodes, are 
minimized. This may in turn increase user satisfaction resulting in increased 
business, recognition, etc. 

While the invention has oeen described with particular reference to 
the drawings, it should be understood that various modifications could be made 
without departing from the spirit and scope of the present invention. 
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1. In a mobile communications system including at least a 
switching center commumcatible w.th at ieast one equipment registry and at 
least two subscriber registries wherein, for each system subscriber, data 
associated with that subscriber is stored at a unique address in one of the 
subscriber registries, a method of authenticating a subscriber at registration 
comprising the steps of: 

receiving an equipment identity number at the switching center, the 
equipment identity number being -r que to a particular mobile communications 
device used by the subscriber; 

transmitting the equipment identity number to the equipment 

registry; 

checking operabiiity sieius of the particular mobile communications 

device; 

transmitting, from the equipment registry to the switching center, 
the device operabiiity status together with the unique address of data associated 
with the subscriber authorized tc use the particular mobile communications 
device; 

retrieving data from thr- unique address; and 
authenticating the suoscriber based upon the retrieved data. 

2. The method cf cla m 1, wherein the mobile communications 
device comprises a cellular telepr.o r 3. 

3. The method of ciaim 1 . wherein the equipment identity number 
comprises an International Mobile equipment identity number unique to each 
mobile communications device 
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4. The metnod of chirr. 1, wherein each subscriber registry 
comprises a Home Location Register 

5. The method of ciaim I, wherein the equipment registry 
transmits to the switching center, along with the unique address of data 

5 associated with the subscriber authorized to use the particular mobile 
communications device, a unique address in an authentication center allocated 
to that subscriber, wherein the authentication center is communicatible with the 
subscriber registries to provide data associated with system subscribers thereto. 

6. The method cf ciaim 5, wherein the unique authentication 
10 center address transmitted by the equipment registry comprises an 

authentication center identifier and a subscriber identity number corresponding^ 
to the unique address in the identified authentication center. 

7. The method of ciaim 6, wherein the subscriber identity number 
comprises an International Mobile Subscriber Identity number unique to each 

1 5 subscriber. 

8. The method of claim 1 , wherein the unique subscriber address 
transmitted by the equipment registry comprises a subscriber registry identifier 
and a subscriber identity number corresponding to the unique address in the 
identified subscriber registry 

20 9. The method of claim 3, wnerein the subscriber identity number 

comprises an International Mobile Subscriber Identity number unique to each 
subscriber. 
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10. The method of claim l f wherein the switching center 
comprises a Mobile Switching Center having an associated Visitor Location 
Register. 

11. The method j? ;iaim 1, wherein the equipment registry 
comprises an Equipment Idenxixy .^e^ister. 

12. In a mobile communications system having at least a 
switching center communicatitle a rh at least one equipment registry and at 
least two subscriber registries /,! orein for each system subscriber, data 
associated with that subscriber ;torea at a unique address in one of the 
subscriber registries, an apparatus re: autnenticating a subscriber at registration 
comprising: 

switching means for recuesting and receiving an equipment identity 
number from a mobile communications device attempting to use the 
communications system; 

an equipment regisiry storing, for each mobile communications 
device posted with the system t::e equipment identity number and the unique 
address in the subscriber registries ; f the data associated with that equipment 
identity number; 

means fcr transmiuinq \ received equipment identity number from 
the switching means to the equcr^m reentry; 

means for retrieving ne unique address associated with the 
transmitted equipment identity number and transmitting the unique address to 
the switching means; 

means for communicating directly with the unique address in the 
subscriber registries to retrieve data therefrom to said switching means; and 

means for determining whether to authorize use of the system by 
the mobile communications c evic< aiiempcing to use the communications 
system based on the retrieved data. 
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13. The apparatus c; "isirr; ! 2, wherein: 

said equipment reuisiry aiso stores, for each mobile communica- 
tions device posted with the system, nparabiiity status data associated with its 
equipment identity number, 

said retrieving means siso retrieves the operability status data 
associated with the transmitted equipment identity number, and 

said determining means aiso determines whether to authorize use 
of the system based on the retrievec operability status data. 

14. The system o :. aim "2. wherein each subscriber registry 
comprises a Home Location Register 

15. The system of - iaim 12 wherein the equipment registry 

comprises an Equipment Identify ! rj..iisver. 

16. The system or r:asm 12, wherein the equipment identity 
number comprises an Internationa! v ?biie Equipment Identity number unique to 

each mobile communications device. 

17. The system of -;:;a-m .2. wnerein: 

said equipment reqistr oi~o stores, for each mobile communica- 
tions device posted with the sys -m z- unique address in an authentication 
center allocated to that subscroer. no 

said retrievinn m»arr ilso retrieves the unique address in the 
authentication center, wherein r- ; inentication center is communicatee with 
the subscriber registries :o prov;;:: .nats associated with system subscribers 
thereto. 
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18. The system u im ! ?'. wherein the unique address in the 
authentication center retrieved :y \ ■ relieving means comprises an authentica- 
tion center identifier and a sldsc: ;er saeniity number corresponding to the 
unique address in the identifier aucr jruicaxion center. 

19. The system cf claim IS, wherein the subscriber identity num- 
ber comprises an International MobiL- Subscriber identity number unique to each 
subscriber. 

20. The system cf cir^-n 1 2, wherein the mobile communications 
device comprises a cellular telephone. 

21 . The system of ohim 1 2, wherein the unique address in the 
subscriber registries retrieved by retrieving means comprises a subscriber 
registry identifier and a subscriber I entity number corresponding to the unique 

address in the identified subscribe.- vestry. 

22. The system cf o-?,; n 21 , wherein the subscriber identity num- 
ber comprises an International [vloLll Subscriber identity number unique to each 
subscriber. 
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